literature-review

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Orchestrates various Model Context Protocol (MCP) tools for academic searching and document parsing, as well as a runSubagent tool for delegated analysis tasks.
  • [DATA_EXFILTRATION]: Accesses external academic APIs (PubMed) and the local file system to retrieve and index research materials as part of its core functionality.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection when processing external literature.
  • Ingestion points: External PDFs and full-text articles ingested through tools like ingest_documents and get_fulltext.
  • Boundary markers: The workflow does not explicitly specify delimiters or isolation markers for content passed to analysis agents.
  • Capability inventory: The skill has permissions to write analysis files and execute subagents.
  • Sanitization: There is no evidence of sanitization for ingested text, although the use of subagents for analysis provides architectural isolation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 12:05 PM